Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-2644

Cannot resolve element with ID "s2..."

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.5.5, 10.0.1, 10.1.0-Xpress, 11.0.0
    • Fix Version/s: 9.5.6, 10.0.2, 11.0.0
    • Component/s: SAML
    • Labels:
    • Environment:
      java version "1.6.0_51"
      Java(TM) SE Runtime Environment (build 1.6.0_51-b11-456-11M4508)
      Java HotSpot(TM) 64-Bit Server VM (build 20.51-b01-456, mixed mode)

    • Rank:
      1|hzmsqv:
    • Sprint:
      Sprint 29

      Description

      With versions greater than 1.6.0_45 and 1.7.0_21 the following error message can be seen while trying to sign SAML2 requests/responses:

      ERROR: Error processing request
      com.sun.identity.saml2.common.SAML2Exception: Cannot resolve element with
      ID s2f948a2cfb694321be70e89a66dd4f5edae5a5cd1
          at
      com.sun.identity.saml2.xmlsig.FMSigProvider.sign(FMSigProvider.java:228)
          at
      com.sun.identity.saml2.assertion.impl.AssertionImpl.sign(AssertionImpl.java:674)
          at
      com.sun.identity.saml2.profile.IDPSSOUtil.signAssertion(IDPSSOUtil.java:2508)
          at
      com.sun.identity.saml2.profile.IDPSSOUtil.signAndEncryptResponseComponents(IDPSSOUtil.java:2584)
          at
      com.sun.identity.saml2.profile.IDPSSOUtil.sendResponse(IDPSSOUtil.java:639)
          at
      com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:468)
          at
      com.sun.identity.saml2.profile.IDPSSOUtil.doSSOFederate(IDPSSOUtil.java:318)
          at
      com.sun.identity.saml2.profile.IDPSSOUtil.doSSOFederate(IDPSSOUtil.java:178)
          at
      org.apache.jsp.saml2.jsp.idpSSOInit_jsp._jspService(idpSSOInit_jsp.java:117)
      

      This is due to changes in the XML processing APIs in the JDK.
      Workaround: temporarily downgrade the JDK version to 1.6.0_45 or 1.7.0_21

      Note that in some rare cases the version number of JDK may differ, for example with RedHat this same error can be seen with "rhel-1.65.1.11.13.el6_4-x86_64" (maps to 1.6.0_24), see https://bugzilla.redhat.com/show_bug.cgi?id=975767 .

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              markdr Mark de Reeper
              Reporter:
              bthalmayr Bernhard Thalmayr
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: